I wonder how one would hash a password using aws-crypto (aws-encryption-sdk-javascript).
I already used the @aws-crypto/client-node library to do some symmetric encryption using KMS.
import { KmsKeyringNode, encrypt, decrypt } from '@aws-crypto/client-node';
const keyring = new KmsKeyringNode({
generatorKeyId: "keyid"
});
const { result } = await encrypt(keyring, cleartext);
const { plaintext } = await decrypt(keyring, result);
console.log(plaintext);
My problem using this approach for encrypting password is, that i am still able to decrypt the passwords. I don't need this functionality since i only want to encrypt the passwords and check other strings using the same encryption against those encrypted ones to see if they match.
How would one do this with aws-crypto and KMS?
The aws-crypto client-side library is primarily aimed at encryption/decryption use cases. If I understand your use case, I think a regular salted password hash would be appropriate.
The bcrypt package is quite popular and has a good interface. Or there are solutions that don't require third-party packages, for example using the native Node.js crypto module.